package com.fz.song.config;


import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                //定义配置
                .authorizeRequests()
                //定义资源和角色
                //添加ant模式的配置,
                // ?匹配任意单个字符，使用*匹配0或任意数量的字符，使用**匹配0或者更多的目录。
                .antMatchers("/admin/api/**").hasRole("ADMIN")
                .antMatchers("/user/api/**").hasRole("USER")
                .antMatchers("/app/api/**").permitAll()
                //链式调用的and()返回HttpSecurity,相当于返从这个开始新的配置
                .and()
                .formLogin();
    }


}
